Hi,

I am setting up a mysql database, with two tables. One keeps the user
authentication info such as user name, password and user level. The other
table with contains files for upload and download. Is there a good way to
setup the user authentication table so it can check appropriate user rights
(user level) then provide the appropriate upload or download page?

I came up with a scheme as follows,

userlevel unsigned tinyint not null primary key,
username char(8) not null,
userpass char(16) not null

I can store user passwords using MySQL's password encryption. But when I
need to access the upload/download table I need to somehow notify the
database that what level of access the user has. If I set userlevel=1 (or
any number) after succesful authentication in the script, I would
compromised the other table. As hackers can change userlevel in the php
script without going through the authentication. Can someone please provide
me a couple of pointers how I go about setting up my database? TIA.

Regards,
Norman


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to